Risk Management. Risk Management. Section CONTENTS PART I: THE BASIC THEORY. Summary

Risk Management

Section 6.3.1

Risk Management

PART I: THE BASIC THEORY

Summary 1. Introduction 2. Definition 3. The Goals 4. The Basics 5. The Benefits 6. The Process

PART I: THE THEORY

This section outlines the theory behind risk management, provides an outline of what is involved in the process and discusses the goals and strategies that should be considered in the development of a risk management plan. In effect, risk management is a proactive approach to identifying, analyzing and controlling the resources of an organization in order to minimize potential

adverse effects of risk. The process consists of identifying possible risks, analyzing the nature and likelihood of their occurrence, taking steps to reduce, mitigate or transfer the risk, and finally monitoring the situation on an ongoing basis to ensure that any potential risks are dealt with before they occur.

Formulating a municipal risk management plan provides an outline of possible alternatives, and establishes a basis for selecting an appropriate course of action. Implementing a risk

management plan and effectively communicating it to all personnel can result in increased productivity, reduction of uncertainty, and ultimately a more effective management of personnel and resources.

1. INTRODUCTION:

This part provides a brief overview of the fundamentals of risk management. Although every effort has been made to identify major or generic activities that would involve an element of risk for a municipality, the reader is cautioned that not all elements of risk management can be covered in an article of this scope. In addition, the reader is further cautioned that the preparation of this guide must necessarily involve interpretation of general situations and may not represent specific events. Specific situations may require a careful legal analysis, therefore, reference should be made to the appropriate Nova Scotia statutes and to legal advisors for individual situations.

This part provides a brief overview of the process of risk management as it relates to municipalities and offers some practical examples of how to initiate the process in your municipal unit.

Risk Management

Traditionally, risk has been defined as the possibility of loss, injury, disadvantage, or destruction resulting from the day to day operations of a business, or organization. Risk management is a term used to

describe the process of analyzing, organizing, planning, directing, and controlling the resources of an organization in order to minimize the potential effects of risk. Risk management is by nature, proactive, and encompasses all management-directed activities aimed at

accomplishing optimum results in a professional manner.

A risk is comprised of:

• a definable event,

• the probability of that event occurring, and

• the consequences of such an occurrence.

The types of risk that municipal governments are faced with that can cause economic loss include:

• legal liability to others,

• property loss through disaster, theft etc.,

• extra expense (e.g. to replace equipment or to re-establish service),

• loss of income,

• human resources loss, and

• crime and fidelity loss.

Some of the characteristics of risk are clearly identifiable and include:

• Situational - specific risks vary according to particular

situations. Certain weather patterns can lead to flooding in certain areas. When those patterns are identified, steps can be taken to alleviate the risk of flooding. What one municipality may do in their locale may not be effective in another

municipality.

• Interdependent - risks are often interdependent and

interrelated. Eliminating one risk may cause another risk to occur or possibly increase the impact of another risk. Hiring extra security personnel to ensure safety during a planned event may impact budget projections for that event and place the

project in financial risk.

• Proportional - the greater the expected benefit, the more

acceptable the risk becomes,

• Value based - the acceptance level of risk may vary from

person to person. What may be deemed an acceptable risk to one person may be considered an unacceptable risk to another. Municipal governments, because they are holders of public funds should have a lower tolerance for risk than private sector organizations.

• Time specific - risk is a prediction of future events and is

related to activities carried on today.

Risk is the uncertainty factor. When planning a project or an activity such as a festival or event in your municipality, risk management involves determining ahead of time just what might happen that you don’t want to happen. For example, your recreation department officials are planning a lilac festival to celebrate the arrival of spring and the start of the summer recreation season. Plans for the festival include an outdoor concert featuring a very popular musical group. Inclement weather would be a risk factor that should be considered during the planning stages of such an event. Either spring arrives late and the lilacs don’t bloom in time and it’s too cold for an outdoor festival, or it rains the whole weekend. These are generally

insignificant risks in the grand scheme of things, but they do have a measurable impact on the budget and on the success of your planned event.

Risk management goes beyond merely listing things that could possibly go wrong, it involves analyzing the consequences of such unforeseen events, and determining what steps can be taken to either prevent or lessen the impact of such occurrences. For example, when your lilac festival was rained out, you still had to pay the rental on the tents, and you still had to pay the entertainment even though they couldn’t play because of the torrential downpour. A carefully thought out strategy of risk management would enable the municipality to be prepared in advance with alternative sites to hold the concert, or the purchase of an insurance policy which would cover among other things the fees paid to the entertainment if they could not perform due to inclement weather.

A simple example of Municipal Risk Management

Risk Management

Risk management is primarily a specialty within the management function and is specifically targeted towards the elimination or reduction of financial losses resulting from the activities of a municipality.

The obvious goals for initiating a risk management program at the local government level are to eliminate, where possible, the threat of accident and other forms of liability, and where it is not possible to eliminate the risk, to at the very least reduce the possibility of an accident or risk occurring. Beyond this, the goal is to minimize the impact on a municipality when losses occur.

The most effective and efficient municipal risk management program keeps its objectives in line with the needs, goals, and overall well-being of the community it serves. Municipal risk managers must pursue their goals with sensitivity to the limitations on local resources and monitor program costs carefully.

4. THE BASICS:

Risk management involves identifying, analyzing, and responding to risks by minimizing the consequences of adverse events and

maximizing the results of positive events. These are the outcomes of risk management planning.

The plan may identify several possible alternatives for each identified risk, and indicate the preferred action to address each one. Such actions may range from simply monitoring the situation and

controlling the variables, to making changes to the process. In some instances it may be necessary to alter the goals of the project in order to achieve the desired outcomes. Formulating this kind of risk management plan will provide an outline of the possible alternatives available to the municipality and indicate a course of action.

Why have a risk management program?

Benefits of Risk Management

• Protection of public funds • Reduced costs

• Increased productivity • Reduced uncertainty

• More effective management

5. THE BENEFITS

The benefits of a comprehensive risk management plan for the municipality are numerous and can be recognized at a number of levels, from the activity level to the senior management level. Such benefits may include:

• more effectively managed and efficiently run projects,

• better control over project budgets,

• increased likelihood of a successful outcome,

• greater community support,

• reducing the possibility of costly surprises and budget overruns,

• increased effectiveness and efficiency, resulting in better program results,

• more openness and transparency in the decision making and management processes, and

• more effective strategic planning resulting from an increased awareness and understanding of risk exposure.

Risk Management

IDENTIFY RISKS and

RISK OWNERS

ANALYSE Set priorities

and implement strategies Likelihood Consequences Estimate level of risk Timeframe MONITOR AND REVIEW COMMUNICATE WITH STAKEHOLDERS

6. THE PROCESS:

The process involves the continued monitoring of all of the activities the municipality is involved with in order to identify new elements of risk as soon they become apparent. Once they are identified, the risks are prioritized according to their impact or importance to each

particular situation, and a detailed plan of action is drawn up to address each risk in the most appropriate manner.

Simply put, risk management involves the sequence of identifying, analyzing, and responding to risks.

Although specific methods for addressing a particular type of risk may differ, the process remains consistent. The process of risk management involves the following steps:

1. Identify - identify the services and assets that could potentially

cause financial losses for the municipality. In addition, identify “risk owners,” more specifically, the staff person or project manager responsible for the program, service, or asset.

Identify, analyze, and respond

2. Analyze - evaluate the risk: the probability of the risk

occurring, the frequency with which it could occur, the impact or severity of the loss resulting from the risk, and the length of time it will take for the municipality to recover from the loss.

3. Plan - assess the options and implement the procedures

designed to eliminate the conditions that may lead to loss, minimize the effects of the loss or mitigate the risk by finding ways to cover the loss financially.

4. Monitor - collect and compile status information on the risk

and the mitigation plan, adjust the process, and manage the program accordingly to ensure maximum effectiveness. Re-evaluate and adjust the plan on a regular basis.

The process of risk management can be as simple or as complicated as time and resources permit. The following section provides detailed information on how to implement and carry out the risk management process.

There are numerous invaluable publications available for those wishing to pursue further information on risk management. Please refer to the list of publications in the bibliography at the end of Section III for details on authors and titles.

Risk Management

Risk Management

CONTENTS

PART II: IMPLEMENTATION

SUMMARY:

1. Practical steps to take 1.1 The Challenges

1.2 Selecting a Risk Manager

1.3 Duties and responsibilities of a Risk Manager 1.4 Formulating Policy

1.5 Preparing a Risk management plan 2. The Process

2.1 Strategies to Identify the risks 2.2. Analyzing the risks

2.3 Planning your response 2.4 Monitor

PART II: IMPLEMENTATION

This section provides a “how to guide” for implementing a risk management program in a municipality beginning with the

selection of a risk manager. Hiring a professional risk manager is one option, however the costs involved may make this impractical for many municipalities. Developing a risk management team under the direction of a senior municipal official may be the most feasible option for most municipalities. The skills and abilities required for the position of risk manager range from having a genuine interest in controlling risk, a desire to learn, and the ability to maintain accurate records to dealing with potentially difficult situations or people. The ability to speak in public and to talk to the media during a crisis is a key attribute for any risk manager.

Once the risk manager has been designated, a risk management plan can be implemented that will involve all municipal personnel. Implementing a risk management process consists of four basic steps: identify, analyze, plan, and monitor. Each step is outlined in detail with practical suggestions on how they can be

accomplished.

PRACTICAL STEPS TOWARD MANAGING RISK 1. 1 The Challenges:

One of the major challenges for local government is to make risk management an integral part of the management process. This may require a fundamental change in the culture of the workplace. A successful risk management program depends upon support and sponsorship from the top; coordination of planning and activities at all levels; involvement and cooperation of staff at all levels and the development of a culture that encourages and rewards risk management.

At the management level, managers need to support and encourage prudent risk management. This can be accomplished by following general good management guidelines such as:

Risk Management

• Acknowledge, reward and publicize good risk management

practices,

• Focus on the positive, recognize what your staff are doing right and don’t place undue emphasis on minor mistakes,

• Encourage learning from unexpected results, and

• Develop positive strategies for avoiding recurrence while avoiding restrictive controls.

1.2 Selecting a Risk Manager

The implementation process involves establishing risk management practices at the organizational, activity, project and team levels. The first concern in implementing a risk management process involves a clear demonstration of support for the process at the management level. Communicating the philosophy and awareness of risk can be facilitated by training, and educating staff and management. The most important part of communicating and educating staff is to delegate a risk manager, and a risk management team to sponsor the initiative and to communicate to the organization what is expected of them.

Hiring a professional risk manager is one option, however, few municipalities are in a position where they could justify the expense. Other options include jointly hiring a professional risk manager with one or several other municipal units in the region. In the event that this is not feasible, it may be possible to designate a capable employee as risk manager and back this person up with a risk management committee. A risk management committee involves a significant amount of dedication and effort on the part of its membership which may ideally include the municipal solicitor, the insurance agent, department heads and various other key personnel.

L. E. O’Brien and Duane E. Wilcox offer some valuable insights into the selection of a risk manager in their article Risk Management

Organization and Administration, some of their suggestions as to the

characteristics to look for in a potential risk manager include:

• have an interest in being a risk manager,

• have the ability to learn how to fulfill the responsibilities of a risk manager with some retraining,

Appoint or hire a Risk Manager

• have the ability to setup and maintain accurate records,

• have the ability to identify risk management implications of legislation, regulations and administrative guidelines,

• have the ability to identify issues and trends and be able to formulate practical conclusions from personal observation, information provided or collected,

• have some training and understanding of a broad range of

local government operation and procedures,

• have the ability to deal with potentially difficult situations and people as he or she may be called upon to intervene in

situations that may be problematic,

• have the ability to deal with people calmly and tactfully, as well as effectively, and

• have public speaking skills as they will be called upon to make presentations, to lead focus groups, and to educate staff on risk management procedures.

The risk manager should be either a top level executive position, or report directly to the top executive position in municipal government, rather than to a middle manager. This will have the effect of

emphasizing the importance of the role of the risk manager to other local officials and employees. It will also emphasize the fact that the risk manager has the ability to call upon the highest level of authority for assistance when required.

Transferring some of the risk manager’s previous duties to another position may help to free up the needed time for him or her to devote to the new responsibilities. Also, providing administrative assistance can help to combine the previous and new duties without placing an unmanageable work load on their shoulders. Appointing a risk manager however, does not release other municipal employees from the responsibility of identifying risk.

All municipal employees need to be informed that the risk manager is entitled to call upon them for assistance and that they in turn have an obligation to respond positively to any request for assistance. The risk manager may wish to call key officials and employees together on a somewhat regular basis to review the overall program and to discuss any matters requiring attention. Persons with a special obligation to

Risk Management

assist the risk manager would include the municipal solicitor, the clerk, chief of police, fire chief, city engineer etc.

1.3 Duties and responsibilities of a Risk Manager

The general responsibilities of the risk manager are to identify, evaluate, and deal with risk exposures which may potentially face the municipality. Some of the particular functions of a risk manager described by O’Brien and Wilcox include:

• Participate in the preparation of a risk management policy,

• Identify facilities, situations or conditions which may present a

possible risk,

• Review projects and programs for risk management

implications,

• Provide recommendations for dealing with risk ie: accept the

risk, avoid the risk, reduce the opportunity for risk, mitigate the impact of the risk, transfer the risk, and monitor the risk,

• Establish and maintain records related to insurance coverage,

loss and claims and other pertinent documentation,

• Negotiate insurance coverage,

• Work with the insurance agent or municipal solicitor when

required, and

• Communicate with, and educating other employees and

management on issues relevant to risk management.

What does a risk manager do?

Municipal Risk Management Mission Statement

Promote proactive risk management techniques in municipal government.

Provide the mechanism to minimize the adverse impacts of risk and losses for the municipality.

Absorb risk w hile maintaining a stable financial profile. Ensure the long-term financial security of the

municipality.

1.4 Formulating Policy

Development of a clear policy regarding the management of risk in the organization is essential. The policy should be relevant to the

municipality’s mandate and should be:

• Communicated to staff at all levels,

• Understood clearly by all employees, and

• Implemented and maintained at all levels and in all

departments.

The policy should contain:

• The objectives and rationale for managing risk,

• The range or extent of risk that needs to be managed,

• Clear guidelines on what may be regarded as risk and how to identify risk,

Developing a risk management policy is essential

Risk Management

• Guidance on what may be regarded as “acceptable risk”,

• Guidance on what level of documentation is required,

• Identification of the persons (or positions) who “own the risk”,

• Support and expertise in handling risk, and

• A clear plan for review and evaluation of performance in managing risk.

Some suggestions for formulating a risk management policy statement include:

• Have the risk management committee produce a draft statement

for review,

• Have the risk manager produce a draft statement for review,

• Seek the advice of the insurance agent and the municipal solicitor,

• Adopt a provisional policy statement as a starting point and provide for future modifications, and

• Consider policy statements of other municipal units and adapt them to fit.

1.5 Preparing a Risk Management Plan

The risk management plan is a document which outlines the

procedures that will be used to address and manage risks throughout a program or project. This document should contain the risk

management matrix and any documents related to the identification and analysis phase. This plan should also outline who is responsible for managing the various areas of risk and indicate how the

contingency plans will be implemented.

A Risk Management Matrix can be found in Appendix A4.

The risk management plan is a supporting element of the project plan and can either be in minute detail, or a more broad-based approach depending on the specific project. Whether detailed or not, any risk management plan should contain the following elements:

STEP 1 IDENTIFY STEP 2 ANALYZE STEP 3 PLAN STEP 4 MONITOR

1. List of all the identified risks in a summarized form,

2. Risk management matrix or worksheets,

3. Detailed strategy or plan of response for each major risk to be monitored,

4. Identification of ownership - which section or department is responsible for each identified risk,

5. A review schedule to aid in monitoring progress, and

6. Documentation on the results of the risk management plan and what has been happening with each identified risk, how they were addressed etc.

There are a number of valuable sources for further information on the development of guidelines for risk management in both the public and private sectors. The internet has a wealth of good websites dedicated to this topic. One particular publication that deserves special mention is “Critical Incident Protocol - A public and Private Partnership” published by Michigan State University. This publication has particular relevance following the events of September 11, 2001.

A selection of some of the relevant www sites consulted is included at the end of Part III for those who wish to further research the subject.

THE PROCESS:

2.1 Step 1: Identifying Risks

The first step in risk management involves identifying areas of

possible risk. In order to manage risk effectively, the local government administrator must know and understand clearly what risks the

municipal government faces. For information concerning municipal liability in specific situations, administrators are advised to seek advice from their municipal solicitor.

Risks are often common knowledge

Risk Management

IDENTIFY

See PART XXI of the Municipal Government Act regarding municipal liability, sections 504, and 512 to 517.

Some risks are obvious and often well known. Damage to property near a river that is known to flood on a regular basis is a fairly obvious example of this. Not all risks, however, are as easily identified and the establishment of a risk analysis procedure will allow you to identify risks as they arise.

According to Richard Wong in The A,B,C’s of Risk Management, loss exposures can be categorized into six broad groups:

• Physical property- (including buildings, machinery and

equipment),

• Loss of income,

• Contingent expenses - (depending on the circumstance),

• Human resources,

• Legal liability, and

• Perils - (something that creates a danger or risk).

Municipal Liability Risk Management is a compendium of articles

published by Butterworths Canada, edited by Frederick P. Crooks, Q.C and M. Rick O’Connor, which provides a wealth of information on municipal liability in specific situations.

Keeping management and key personnel adequately informed is critical, and this can be accomplished by implementing an incident reporting system within your organization. Small problems that are dealt with in a timely manner may prevent larger problems in the future.

One of the tools that a risk manager should have at their disposal is an emergency call list so that they can contact key personnel for

assistance in developing contingency plans, and to refer to in case an emergency situation occurs. The list should outline the responsibilities of each of the key personnel and should contain both work and home telephone numbers with space to record the time and date of contact. This list should also include emergency telephone numbers for fire, police, and ambulance services.

Tools to Assist the Risk Manager

A tool to assist the risk management team

A brainstorming session involving all the stakeholders, including front line workers, is an extremely valuable tool that can help to identify what could go wrong, when risks are likely to occur, where they are likely to occur, why they may occur and who is apt to be involved. Potential risks identified in this manner can be addressed before they happen and the risk either eliminated or reduced. Detailed information from The Memory Jogger: A Pocket Guide of Tools for Continuous

Improvement and Effective Planning on how to hold a brainstorming

session is contained in Appendix A3 at the end of this section. This tool can be used to carry out each of the five steps in the risk

management process.

Some additional sources of information the risk management team may use to identify potential risk include:

• Past experience can often provide insight into what may happen in the future,

• Investigation into incidents and accidents can reveal where

previous risks may have arisen and how they may be prevented in the future,

• Interview/focus group discussions with staff to identify risks

that they may already be aware of,

• Surveys and questionnaires with the public as well as staff can

identify areas that may need to be addressed,

• Carry out safety audits (such as outlined in Part III - Section 6.3.3, number 9.1)

• Focus on any new projects and on areas of change for new or

previously unidentified risk factors, and

• Network with peers, other municipalities, and professional

associations.

Identifying risk is by far the most significant step in dealing with the risk. The risk management matrix in Appendix A4, developed by the Australian Agency for International Development, provides a template to assist in answering the following questions to identify and analyze potential problems.

Strategies for identifying risk

Key questions to ask in identifying risk

Risk Management

STEP 2: ANALYZE

• Who, what, when, where, why and how? These age old

questions are the basis for identifying potential risks. At the planning stage of each new venture or activity, a risk

identification process should be initiated.

It may be worthwhile to remind the risk management team that although their input and suggestions are most beneficial, the ultimate decision as to if and how their suggestions are to be implemented will be ultimately the responsibility of the risk manager.

Risk ownership

The ownership of risk is an allocation process tailored to the particular area of the organization responsible for the particular function,

specialty or discipline. It may be appropriate to keep risk ownership at a relatively high level such as department head, supervisory staff etc. Responsibility goes hand in hand with the authority to act. Without that authority there can be no true risk ownership. Front line employees are often the ones with the expertise and know how to identify potential risk. They deal with such situations on a regular basis and can make suggestions to address problems before they arise. The most effective risk management program will include all

employees and have responsibility clearly defined at each level.

2.2: Analyze the risk:

After the initial session, the group will be charged with analyzing each of the identified risks from the first session. After identifying what the risks are, the next step involves looking at all aspects of the risk and determining how it could happen, why it could happen, and what factors need to be considered in order to correct the situation.

Analyzing a risk involves establishing the characteristics of each risk, what is the likelihood of the risk occurring, (either the frequency or the probability), and what are the consequences if it does occur.

Identifying the probability and the consequences of each risk enables the risk management team to determine what steps, if any, should be taken to address the risk.

A risk analysis worksheet provides an opportunity to identify sources of risk, the impact of the risk, alternatives for handling the risk, the owner of the risk and provides a method for ranking risk levels. An example of such a risk management matrix is included in Appendix A 4.

• What is the source of the risk? Be specific, outline all possible It is important to

determine who in the organization is responsible

sources of risk using the risk management matrix. Have each team member identify any and all possible sources of risk inherent in a project, activity or operation. Indicate in each instance whether the risk is certain to happen, likely to happen etc. By ensuring that everyone working on a project receives a copy of the completed risk management matrix, you can make everyone more aware and better able to prevent the occurrence of the risk. Nicholas Greifer and Brennan Schwarz outline seven categories of sources of risk, including:

• Physical environment (snowstorms, earthquakes

hurricanes etc.).

• Legal environment (laws and legal precedents).

• Operational environment (day to day activities and actions within the government).

• Political environment (legislative activity, elections).

• Social environment (cultural composition of the community, social attitudes and preferences).

• Economic environment (market trends, interest rates).

• Cognitive environment (absence of information, the

attitude of individuals towards risk).

The above list is by no means exhaustive, and further examination of individual circumstances may identify more sources of risk that municipalities may face.

When the sources of risk have been identified, further evaluation should include questions such as:

• Is the source of risk something that you have control over?

• Is the source of risk something that can be changed?

• What are the consequences of each risk? How would the

occurrence of this risk impact the project? Would a rainstorm during the outdoor band concert planned for your lilac festival result in cancellation of the concert? How would cancellation impact the municipality? Would this lead to financial losses? If it would cause a financial loss, how great would the loss be? If it is an insignificant amount this may be one of those times where it is better to just accept it because the level of risk is not substantial enough to warrant booking an alternate site for the concert.

• How can you avoid, eliminate or reduce the likelihood of the risk? Do you have alternatives available that will lessen the What is the source?

Risk Management

impact of the risk occurring? Can you hold the band concert in the local arena for example? If the planned concert involves a significant expenditure for the recreation department to bring in the entertainment, it is probably a good idea to have a back-up plan in case of inclement weather.

Table 1. provides a template to help identify the level of risk and the

type of response that may be most beneficial.

TABLE 1: Consequences

Determine the level of risk and the response level required:

Extreme High Medium Low Negligible

Almost

certain

Severe

Severe

Major Trivial

Likely

Severe

Moderate High Major Significant Moderate Trivial

Unlikely Major Significant Moderate Low Trivial

Rare Significant Moderate Low Trivial Trivial

Source: Better Management: Guidelines for Managing Risk in the Western Australian Public Sector.

RISK LEVEL ACTION

Severe: Requires management by senior management with detailed research and an itemized plan for addressing the issue. i.e. the discovery of e-coli or other serious

contamination of a municipal water supply which would present a significant health risk to area residents. On site management of the situation by senior staff is

imperative. Staff at the front line level would be involved in monitoring the situation, keeping accurate records and ensuring that senior management is kept well informed of the situation as it progresses, and what steps are being taken or recommended to address the situation. Seek expert guidance from outside sources when appropriate.

High: Requires management by senior management with research and itemized plans for addressing the issue. Senior management would work with front line staff to

monitor the situation and seek expert guidance from outside sources when appropriate.

Major: Requires ongoing monitoring by senior management. i.e. extended drought conditions causing major concern over the strain on municipal water supplies.

Front line staff would manage the situation and ensure that senior management is kept informed and updated on a regular and frequent basis.

Moderate: Requires routine monitoring by senior management. Management of the situation would remain with front line staff with regular updates to senior management

Minor: Requires management at the front line level, monitored and managed by routine procedures. Senior

management would be kept informed via routine weekly or monthly reports. i.e. vandalism causing property

damage to municipal property such as park or recreation facilities.

Negligible: Can be managed by routine procedures. i.e. minor weather damage to park or recreation facilities as a result of wind storm).

When the consequences are extreme, or there is a potential for personal injury, sickness or loss of life, more involvement by senior

management is required. The following guide may be used to describe consequence.

Extreme: The consequences represent a threat to not only the project, program, or activity, but would present major problems for the municipality. This would include any significant threat to the health and well being of the residents of the municipality, or significant financial losses to the community. Intense media attention would be expected in these circumstances. Senior management intervention would be required.

High: The consequences represent a significant threat to the effective operation of the project, program or activity or may attract adverse media attention. This level would require senior management intervention. Any risk that would result in significant financial loss to the

municipality, or represent a threat to the health and well

Risk Management

being of the residents would be considered high.

Medium: The consequences would represent a significant level of threat to the successful completion of a project,

program, or activity and may involve critical review and alteration to the operation of the project, program or activity. This would involve any risk of financial loss, or loss of service to the municipal residents.

Low: The consequences would represent some threat to the

success or effectiveness of some aspect of the project, program, or activity, but could be dealt with at the program level.

Negligible: The consequences may be dealt with by routine procedures.

The option you will ultimately choose is based upon the severity of the risk, and the likelihood of it occurring. Some questions to keep in mind when brainstorming in order to develop a risk response plan include:

• How will reducing or eliminating one factor increase the probability of another risk factor occurring? Using the

example of the outdoor concert during a lilac festival again, perhaps your recreation director has considered not hiring this particular popular musical group for the outdoor concert during the lilac festival in order to reduce the financial losses should a rainstorm wash out the planned events. The decision to not hire the popular group may have a number of ramifications:

• The number of concert goers would be reduced

significantly and therefore there would be less revenue generated by the concert,

• Because there would not be the crowds attending the festival, there would be fewer vendors willing to invest in setting up booths at the festival,

• The festival would not generate the kind of community support organizers were hoping for, and

• The publicity that would be generated by having this group perform could mean a dramatic increase in

visitors to the area during the festivities, by not having them perform, the community could be missing out on an opportunity to promote the festival and ultimately negatively impact the financial success of the festival.

What can you do about it? There are a number of alternatives to

consider in any situation. In this example, you could choose to:

• Hold the concert rain or shine. If the group you are booking can attract a significant number of concert goers who would attend even in the rain, it may be better to go ahead regardless,

• Rent a tent,

• Have an alternate site available in case of rain for example, plan to hold the concert in a local arena instead of planning an outdoor concert so that inclement weather would not be a risk factor to contend with, or

• Talk to your insurance agent about purchasing cancellation insurance.

• Which area would you prefer to have the risk? Some risk

factors may be easier to monitor or control than others. After analyzing the options in the previous question, you may be better able to identify what could go wrong if you choose one alternative over another. Each individual situation presents unique possibilities and must be addressed on an individual basis depending upon the circumstances.

• What are your obligations? What are the terms of any contract

that may have been undertaken? Are you responsible to pay for all or any expenses incurred by either the parties involved or the public should cancellation be necessary? What is your refund policy? What does your insurance cover?

Once the risk management team has identified what the risks are, and analyzed what the ramifications are for responding to each risk in a specific way, the time has come to decide upon the best course of action to take to deal with the risk. This is a decision that can only come after careful analysis. What appears to be the wisest course of action at first glance may not be the best response after careful analysis In short the options for dealing with risk are as follows:

Risk Management

PLAN

2.3 Plan your response

Risk response planning consists of identifying possible responses to the risks that have been identified, and selecting the best response to each particular situation.

Some of the options to consider when evaluating the risk and possible responses include:

1. Accept the risk 2. Avoid the risk 3. Reduce the risk 4. Impact mitigation 5. Transfer the risk

1. Accept the risk. At times, when the level of risk is not

substantial, or where it is not practical or economically feasible to make changes, the wisest course may be to just accept the risk. In such situations monitoring may be the recommended course of action. When the following criteria are present, consider accepting the risk and not taking steps to eliminate or reduce it:

• The level of risk is not high,

• the consequences of the risk occurring are not significant, or

• the likelihood of the risk happening is not great.

2 Avoid the risk: Where the level of risk is unacceptable, and

controlling the risk is not worthwhile, it may be advisable to avoid the risk. If an activity, or project presents the risk of significant loss to the municipality, it may be preferable to not proceed with the project or activity. However, it should be noted that inappropriate risk avoidance can result in diminished efficiency, cost penalties, loss of community identity or other losses to the community. Avoiding the risk involves a decision not to proceed, or to follow an alternative option. For example, a town may decide not to build an area for skateboarders to practice in order to avoid the liability exposures and the safety risks involved. However, by avoiding the risk in this case, the town may be creating a greater risk. Riding a skateboard on public streets could present an even greater hazard for the

Options to consider in a risk response plan

If it’s too risky, Don’t do it Just Accept It?

skateboarder, pedestrians, and drivers as well. Some risks are unavoidable however. Police and fire protection involve considerable risk to the municipality but are not avoidable. When the risk is not something easily or practically avoided, then consider the alternative options. Carefully weigh the pros and cons of a project before making a decision. The social benefits may outweigh the risks involved and the decision to go ahead may ultimately be the best for the community despite any risk involved.

3. Reduce the risk: taking action to reduce the consequences of

risk and planning in advance to deal with the impact include developing emergency contingency plans, evacuation plans, etc. Quality assurance, testing, training, supervision, review,

documented policy and procedures, research and development and regular monitoring are all ways of reducing the chance that losses will occur. Natural events such as hurricanes cannot be avoided but the likelihood of losses from such a catastrophic event can be reduced or eliminated by having carefully prepared disaster preparedness plans.

Accidents and disasters are bound to occur in even the most diligent communities. Municipalities should be prepared in advance so that staff are prepared for such an event. The first step is to identify the services and activities that are essential and must not be interrupted for any extended period of time. Next, brainstorm about what types of incidents could interrupt these services. Then, determine alternative plans that can be put into action immediately if normal services are interrupted. For example, have a back up plan for supplying emergency drinking water to the residents in the event of something happening to the municipal water supply.

Techniques for risk reduction include:

• Establish a routine of inventorying and documenting municipal property, equipment and services;

• Systematically conduct safety checks;

• Compose and enforce written policies and procedures

concerning municipal operations, with particular emphasis on areas most likely to present risk;

• Establish and communicate an incident reporting system

Tips for reducing risk Have a contingency plan ready.

Risk Management

so that employees are aware and can report any incident or condition that they see or are involved in that could present risk to the municipality;

• Ensure effective supervision by means of training and performance review;

• Have employees and volunteers participate in regular training activities.

One of the fundamental principles of risk management is that risk should be the responsibility of the party best able to control that risk

4. Impact mitigation: Impact mitigation refers to taking steps to

reduce the consequences of a risk occurring. Again, careful planning in advance is the method for reducing the impact of a risk occurring. Develop contingency plans. In case of serious or catastrophic events, evacuation plans or emergency response plans should be drawn up with the assistance of the experts, the fire department, police department, ambulance services, local hospitals and the local office of the EMO.

5. Transfer the risk: The obvious example of transferring risk is

through insurance. It is in the municipality’s best interest to be sure that insurance coverage is adequate, covers all assets and is kept up to date. Your insurance agent is the best source for information on how much and what types of insurance are best for the particular circumstance of each municipal unit. It’s always a good idea to consult with an expert on such matters. Get quotes from several sources and carefully compare the coverage offered and the rates. The cheapest is not always the best option.

Contracting out is another method of transferring the risk to an outside source. For example, if you hire a company to provide hanging baskets of flowers and other landscaping services for the downtown area of your community it is then the

responsibility of that company to ensure that the plants and landscaping features are well cared for and maintained. If the plants die, the landscaper replaces them, not the municipality.

Keep in mind that transferring the risk and the responsibility in this manner comes at a cost. You will be expected to pay for the peace of mind such services provide.

Let someone else carry the risk for you

Municipal Government Insurance company Contractor Financial Ris k Transfer Contractual Ris k Transfer STEP 4: MONITOR Risk Transfer

Source: An Elected Official’s Guide to Risk Management

The main objective of a risk management program is to reach a level where accidents and injuries do not occur, however that is probably not a realistic expectation. Risk management is a long term process aimed at eliminating at best, and reducing at the least, risk to the municipality.

2.4 Monitor

One of the primary responsibilities of the project manager is to monitor and track risk events. Where proactive strategies have been

implemented to address risk factors, continuous monitoring of the situation is imperative to determine whether those strategies are working as planned and to regularly reassess the situation to determine if new strategies are in order.

Part of the risk management plan should include maintaining a log to record events as they occur, and steps taken to address each event. The effectiveness of the risk management plan should be evaluated

periodically throughout the project in order to review the actions that have been implemented, and to judge their effectiveness.

The government of Western Australia has a number of extremely useful publications dealing with risk management. In particular Guidelines for

Managing Risk in the Western Australian Public Sector offers some

valuable advice and detailed information on carrying out a risk management plan for local government.

Risk Management

Keywords for the monitoring phase of the process are educate, inform, and recognize.

• Educate - Educate your risk management team to deal with risk

and to continually update their skills and keep abreast of issues in the risk management field. Enabling the risk management team to participate in workshops and training programs will make them a more effective and efficient mechanism for carrying out the functions they have been entrusted with.

• Inform - Inform your staff about risk management and enable

them to become active participants in the process. Establish reporting procedures so that any staff member who becomes aware of a situation that could present a risk to the municipality may record and report what they have discovered. Allowing your staff to become active participants will make the risk management team and the entire process much more effective. An added bonus is the boost to employee morale when they feel they can contribute in a meaningful way.

• Recognize - Recognition of the contribution of every staff

member in keeping risk factors under control is not only good management, it’s good manners. There are numerous ways to recognize and reward the contributions of staff from “employee of the month” type of programs, to a simple letter of thank you for your contribution to the effort.

The process, in summary, involves the identification, analyzing, planning, and continued monitoring of all of the activities the

municipality is involved with in order to identify new elements of risk as soon they become apparent, and respond to them in a timely fashion. Risks should be prioritized according to their impact or importance to each particular situation, and a detailed plan of action is drawn up to address each risk in the most appropriate manner.

Keep on top of things: Monitor and review regularly

The basics of risk management

Section 6.3.3 Risk Management

CONTENTS

PART III: APPLYING THE THEORY SUMMARY:

1. Liability for negligent statements 2. Talking to the media

3. By-law enforcement 4. Proactive safety program

3.1 On Site inspections 3.2 Motor vehicles 3.3 EMO 3.4 Employee training 3.5 Fire emergencies 3.6 Weather emergencies 5. Human resources

6. Sport and recreation 7. E-Commerce

8. Financial

9. Safe Communities

9.1 Safety Audit Program Appendix

A 1. Safety Inspection Checklist A 2. Community Safety Audit A 3. Brainstorming

A 4. Risk Management Matrix A 5. E-Policy Handbook

Risk Management

PART III: APPLYING THE THEORY

SUMMARY:

How a municipality handles communications with the media or the public is critical. Information provided to the public must be accurate, non-interpretive and reliable. Appropriate personnel should be designated to talk to the media and only designated personnel should provide information to the public.

Government at all levels have a responsibility to apply the law consistently, fairly and equitably. Canadian courts tend to find a duty of care to exist in almost any regulatory area where persons who are intended to be protected by the regulatory scheme suffer as a result of careless enforcement.

On site inspections of municipal buildings and properties are an effective and relatively easy way to begin the risk management process. Community safety audits are one way to bring the risk management program to the community at large and to identify areas where citizens may be at risk.

The following suggested courses of action are meant to provide a starting point, not a comprehensive or all inclusive list of the potential risks faced by a municipality.

1. Negligent misrepresentation

Municipalities may find themselves liable for employees who offer negligent statements, incorrect advice, supply invalid permits or approvals while acting on behalf of the municipality. Therefore, caution should be exercised when any municipal employee gives out information to members of the public or the media.

Employees should be advised to not offer information which they are not required to give out. In addition, when staff are in a position to provide information over the telephone, it is advisable to take notes while on the phone, recording who they are speaking with, the date and time of the conversation, the topic of conversation and any pertinent comments made by either party. Such notes made concurrently with a phone call may be referred to in a court of law if the staff person is called as a witness. These notes will provide support to the staff member’s credibility as a witness.

Advise staff to use caution when speaking with the public

When an opinion, or an interpretation, is requested, employees should be made aware that because law is open to interpretation, it may be advisable to seek the advice of the municipal solicitor before offering any comment or statement of fact on bylaws or regulations (including permits or approvals). A court may still disagree with that legal interpretation, but having a legal opinion is good evidence that reasonable care has been exercised.

It’s a good idea to remind all municipal employees that regulations are put in place for a reason, and they should avoid the temptation to give someone “a break” as it could backfire on the municipality.

The liability for negligent statements by municipal staff is well established. Negligent statements extend to advice, permits and approvals, as well as statements to the public at the reception desk or over the phone.

2. Talking to the media (or the public)

Providing information to the media or to the general public can be a particular source of risk for municipal governments. All information that staff provides to the public should be reviewed to ensure it is correct. Incorrect information could potentially lead to a law suit. It is important also that the information is being supplied by the appropriate staff person. If the information being provided is something that is open to interpretation, staff should be advised against offering any interpretation.

In a crisis situation, media relations must be handled very carefully. It’s a time of high tension and it’s easy to respond emotionally, off the cuff or in a hostile manner. None of these approaches will get your message out correctly. While it is recommended that senior staff receive media training, some suggestions for dealing with the media include:

• One person should be designated as the media spokesperson

and everyone on the crisis response team should refer reporters to him or her.

• Media will often focus their attention on the mayor or warden, as the head of the community, but that doesn’t mean the mayor or warden should be the media spokesperson.

• Answers should be short and factual. Steer clear of hypothetical

When the press wants to talk to you

Risk Management

questions and don’t guess at answers, or offer personal opinions.

• Be mindful of media deadlines but don't let a newspaper deadline determine your response. Provide accurate information when you have it rather than offering a rushed response that you may later regret just to meet a deadline.

• Provide copies of any press releases to your staff and have them available to the general public in addition to offering them to the media. In this way, your staff will be

knowledgeable about the official position if approached with questions. Also, the public will have access to the official statement that you provided rather than the statement edited for publication.

The media will be hungry for information and will often seize on rumour to build a story. Respond with the facts and don’t be afraid to defer your response until you can verify the information a reporter provides to you in a question, for example:

• Question: Mr. Mayor, is it true that 25 children were injured in

the school disaster?

• Poor response: I have no idea… It’s a terrible thing… I can

only imagine the horror those poor kids felt as ...

• Better response: Emergency response crews are on the scene

and we are still confirming information. There will be a news conference at the town hall at 4:30 and we will provide you with as much information as we can at that time.

For a more in depth look at how to deal with the media, refer to How

to Handle the Public, The Media and Your Staff by Peter Gill of the

British Columbia Municipal Insurance Association. This article can be found in Municipal Liability Risk Management Volume 1, Number 4.

3. By-law enforcement

Government at all levels should presume they are under a legal duty of care to perform their statutory functions responsibly. Canadian courts are clearly ready to find a duty of care to exist in almost any regulatory area where persons who are intended to be protected by the regulatory

Tips for dealing with the media

scheme suffer physical or economic damages which may be reasonably foreseeable as a result of careless enforcement.

Legislation and bylaws should be carefully reviewed to identify which impose a duty to conduct inspections. Be particularly aware of

legislation which imposes specific duties to regulate or supervise. Review bylaws to see if the words imply a higher level of duty than necessary. Consider things like:

• the likelihood that careless enforcement may cause harm to the person for whose benefit the regulatory program was

established,

• the potential for serious harm due to lack of enforcement,

• the degree of public reliance on the program;

• the accepted enforcement practices in other municipalities and jurisdictions.

Inform staff that the municipality may be liable for any inspection or investigation conducted in a negligent manner. Explain that if during an inspection, an inspector fails to discover a failure to comply with the regulations which ought to have been able to be discovered, the municipality may be liable for loss suffered by a person.

Be aware that as a result of the Just decision, governments may be liable for failing to institute a system of inspection or an adequate system of inspection which would disclose failures to comply and not only for failure to discover a breach and subsequent failure to enforce.

Review enforcement methods. Consider things such as:

• Is it reasonably foreseeable that a particular individual or group of persons may be adversely affected as a result of failure to enforce?

• Are the intervals between inspections so lengthy that the program is ineffective?

• Do officials routinely negotiate with significant non-compliers without taking formal enforcement action?

• Do officials routinely escalate enforcement responses in cases of persistent non-compliers?

Inspections and enforcement

Risk Management

• Are public complaints responded to?

• Is staff trained?

• Do officials routinely permit informal variations of the rules?

• Are there regulations which are never enforced?

After the review, prioritize responsibilities. The budget preparations should include a request for sufficient funding to properly inspect and enforce. If, as a result of the budget process, inadequate resources are allocated, re-evaluate priorities.

Record the decision making process to provide documentation that:

• senior officials had responsibility for the review,

• that the decisions made by council, and were based on the allocation of limited resources in the way best designed to protect both the public interest, and any persons who may be most adversely affected by a failure to inspect or enforce.

The courts will not lightly interfere with true policy decisions, especially when taken at a high level, which involve financial,

economic, social or political factors or constraints. But a government must now be ready to demonstrate that balanced against the nature and quantity of the risk involved, its system of inspection and enforcement was reasonable in light of all the circumstances, including budgetary limits, the personnel and equipment available, and that it has met the standard of care imposed on it.

Liability for poor management practices may depend on whether there is a comprehensive compliance and enforcement policy in effect for each regulatory program. Management should designate an officer in charge of compliance, allow for regular reporting, provide for training and the development of manuals and procedures, a system to deal with persistent or emergency situations, and a periodic evaluation of the program with response to the recommendations arising from it.

While the focus is on minimum enforcement responsibilities, governments must also take care not to over enforce by prematurely ordering, for example, the seizure or destruction of property. Civil damages for careless enforcement could arise. The courts will consider whether the officials, on an objective re-assessment of their

The importance of documentation

actions in all the circumstances, had reasonable grounds to believe the action was necessary. The fact that an official sought legal advice before acting may reinforce the conclusion that there were reasonable grounds to believe the actions were necessary and proportionate.

4. Proactive Safety Program

Nova Scotia’s Occupational Health and Safety Act states:

“The foundation of this Act is the Internal Responsibility System which

(a) is based on the principle that

(i) employers, contractors, constructors, employees and self-employed persons at a workplace, and

(ii) the owner of a workplace, a supplier of goods or provider of an occupational health or safety service to a workplace or an architect or professional engineer, all of whom can affect the health and safety of persons at the workplace, share the responsibility for the health and safety of persons at the workplace;”

In light of this legislation, and in the interest of both the employer and the employee, establishing and carrying through a proactive safety program to identify possible risk factors and eliminate or reduce the opportunity for accidents or mishaps to occur is a vital part of any successful risk management program. There are a number of risk management areas that can be addressed by a comprehensive safety program including:

• site safety,

• vehicle safety,

• driver safety,

• emergency situations, and

• human resources.

A proactive safety program begins with a study of the physical

surroundings. A walk through survey of the physical environment is a good beginning in identifying possible exposure to risk. On site

inspections held at regular intervals can reveal where conditions can be improved, or risks eliminated.

A safety program is an important first step

Risk Management

Some considerations to note while doing a walk through site evaluation include:

• Install adequate security equipment - ensure locks, lights, alarms, etc. are maintained in proper working order and are sufficient for the job.

• Control building access and keys - policies for storing, signing out, and returning keys should be developed and followed rigorously. Keys hanging on the wall in plain view are an open invitation to trouble. Be aware of threats from within - Staff, visitors and others who legitimately visit your premises may be a source of risk that can be addressed before a problem arises.

• Check the lighting in all municipal structures. Light fixtures should provide adequate light levels for the work being performed. Well-lit hallways, doorways, stairways, and exits provide for a comfortable work environment and help to prevent accidents. Shadow areas must be kept to a minimum especially in areas that are accessible to the general public. Emergency lighting should be installed and in proper working order. Adequate exterior lighting will help to reduce the possibility of accident or injury in public areas including parking lots, and walkways.

• Outside walkways and parking lots should be well maintained and kept free of obstacles or debris in all seasons. Loose pavers or damaged pavement should be repaired immediately. Snow and ice should be cleared as soon as possible.

• The flooring in buildings should be in good repair. Part of the regular building maintenance routine involves identifying and repairing any damaged areas of flooring such as bunched or loose carpet, loose or missing tiles. If tread mats are used at entrances, they should lie flat without sliding. Stair treads must be in good condition and hand rails must be in place where necessary and firmly secure.

• Emergency exits ought to be clearly marked and accessible, and should be clear of debris both inside and out. Exits should never be chained or bolted and must open easily from the inside even when locked. Hallways and doorways should be clear of any obstacles. Any overflow storage should be

Municipal buildings and grounds

removed to an off site location.

• Fire extinguishers should be available and appropriate for the site and the type of fire which could occur. With the

proliferation of computers and electronic equipment, the extinguishing agent should be appropriate for electrical fires, paper, wood, and so on.

• Employee lounge areas ought to be kept free of combustibles. If microwave ovens, toasters, coffee pots etc. are available, someone should be responsible for checking that all appliances are left unplugged unless someone is in the room. Any

electrical cord that is frayed, loose or in any kind of disrepair can present a fire hazard and should be discarded. Overloading a circuit can lead to a fire and it may be advisable to consult a professional electrician to ensure that the wiring in an

employee lounge area is sufficient to the task.

This is not by any means an exhaustive list of the possible sources of risk on municipal property, however it is a place to begin to assess your own location.

Walk through inspections will not eliminate the possibility of accident or liability, but can be a simple and cost-effective way for municipal administrators to address this aspect of risk management.

See also safety audits in Part III, number 14, and Appendix A2 for further information on doing a walk through assessment of the community.

4.2 Motor Vehicles

Municipal Vehicle operation is a good example of how your community can easily avoid risk situations. Taking the time to understand the cause and effect relationship in accident prevention provides an opportunity to avoid losses in the future.

The first priority is to ensure you have adequate insurance coverage for all vehicles owned and operated by the municipality. Coverage should include liability, collision as well as vehicle replacement costs.

Accident prevention measures are an important part of a vehicle risk management program. The three areas to address in such a plan are:

• The vehicles;

Municipal vehicle operation

Risk Management

• The people who operate them; and

• The organization.

4.2.1. The vehicle:

A good vehicle maintenance program is of prime importance and includes well organized, written records of all maintenance and repairs undertaken on each municipal vehicle. Maintenance schedules

outlined in your program ideally will conform or exceed the guidelines and schedule in the vehicle’s owner’s manual. A regular part of a vehicle’s maintenance includes keeping the vehicle clean, and in good repair. Establishing procedures for daily ‘walk about’ checks to examine tires, lights, etc. prior to starting a vehicle may serve to avoid expensive repairs later and may even prevent avoidable mishaps. Such procedures have the added benefit of promoting a sense of pride and confidence not only in your employee/operator, but in the

community as well, when your vehicles are looking and performing at their optimum.

If your municipality employs mechanics to work on municipal vehicles, it is also a good idea to ensure that their certification is kept current.

Vehicle safety is an important responsibility of local government administration. Employees and citizens rely upon their municipal government to ensure that the vehicles and equipment used by

municipal staff are well maintained, in good repair and equipped with all the necessary features that are required for safe operation.

4.2.2. The people who operate them:

Another important aspect of this responsibility is ensuring that equipment, machinery and vehicles are operated by reliable, safety-conscious, even-tempered and cautious drivers who acknowledge that safe vehicle operation is an important function of their job.

A valid operator’s license is not sufficient to prevent accidents. The people you select to operate a vehicle on behalf of the municipality must have good driving records. Putting a poor driver behind the wheel can be an expensive mistake. Reviewing a driver’s past driving record and experience is essential. The best indication of how a driver

DOT safety inspections are mandatory and should be kept up to date Reliable, safety conscious vehicle operation Regular vehicle maintenance is essential

will perform in the future is how they performed in the past. If a driver has a record of minor traffic accidents, chances are that trend will continue, at the expense of the municipality. The municipality should have a policy regarding the use of municipal vehicles.

In order to reduce the opportunity for risk, professional risk managers may recommend:

• Regular review of the motor vehicle records of municipal employees who are operating vehicles. An applicant’s g